I’ll wager that 99% of people who read this from home are coming to me through an IPv4 NAT device that is only a few short steps from where they are sitting. NAT and IPv4, for reasons I understand yet still loathe, just go together these days. I’ll save my unending rant against NAT for another day but suffice to say I look upon NAT with contemptuous regard; a healthy respect for what it allows us to do but utter dislike for what it is at the same time. Call me conflicted.
NAT at home is easily categorized as one of those things almost all of us just do. It’s the standard way (if only in de facto form) home users connect their network to the Internet. Despite its many shortcomings, we know it, we’re comfortable with it and for people like my mom, it works without the need for them to comprehend it. The vendors who make home networking gear (Linksys, D-Link, Netgear, Buffalo, etc.) have done a decidedly good job of making home networking a ‘plug and pay’ experience. Plug the device in, pay your bill and you’re pretty much set. But IPv6 changes the rules in a big way. And I’ll wager that most of you already know why: no NAT! To be clear on that I suggest it is more appropriate to say no NAT66, which is NAT-ting from a v6 address to another v6 address. You know, what you do all day every day in IPv4 when your packets pass from the so-called ‘private’ network of your home out to the ‘public’ IPv4 Internet. The NAT you have lived with for so long is now referred to as NAT44 in order to distinguish it from all the other NAT types out there.
NAT66 doesn’t exist. And I pray with frequency that that simple sentence remains forever true.
So with no ability to ‘hide’ behind a NAT like we do in IPv4 we are left with one and only one choice: to route! Routing without translation is, shall we say, the ‘pure’ way of doing things. And IPv6 is, amongst many wonderful things, a return to purity. Purity insomuch as it means to live a life without NAT as it is most commonly known today.
So if we have no NAT66 in IPv6, how do we do networking from home (which has pretty much always been accomplished with a NAT device)? The answer, as I have already said, is to route the traffic through your home router. This means you need a public IP address on the nodes on your internal (e.g. home) network.
To quickly summarize: you have a router at your house with a “WAN” interface that connects to your ISP and a LAN interface that is your internal network. Networks need network IDs, right? Prefixes. How do you get a prefix? You’ll need a minimum of two: one for the WAN interface and one for your LAN interface. Obtaining the WAN prefix is comparatively simple. There will be three possibilities for getting the prefix for your WAN interface. They are:
- A static IP address provided to you by your ISP. This will be the most unlikely of the three choices because it will require folks like my mom (who at present does not know there is such a thing as an IP address) to log into her device and configure it. In short: not gonna’ happen for the masses.
- DHCP-assigned IPv6 address. Certainly possible and it won’t surprise me if some ISPs go with this approach.
- SLAAC. Your external (WAN) interface will act like a regular node on the ISP-facing interface and obtain its prefix information and default route via Router Advertisement from the ISP’s router. I fully expect this to be the most common way things will be done.
The real question is: Without the use of a ‘private’ address space and a DHCP server built into the home router and without the ability to NAT the v6 traffic as it heads out to the Internet, how will we assign a functional/usable/routable prefix (network ID) to the internal interface(s) (e.g. LAN) of the router? There are two possibilities:
- Upon receiving specific prefix information from the ISP (via telephone or snail-mail) the residential customer will log in to their router and manually configure the internal interface prefix(es). While you might be able to swing this with small business I can assure you it isn’t going to happen with my mom at the helm.
- Use Prefix Delegation. Huh? What’s that?
Prefix delegation is, in Colin’s words, DHCP on steroids. A super-simple, one sentence definition of DHCP as we have always known it is: A mechanism for leasing IP configuration information to nodes in order to facilitate network communications. Put even more simply: DHCP gives out IP addresses to nodes. Prefix delegation is part of DHCP (some implementations) but it’s not about giving out IP addresses. Prefix Delegation gives out network IDs. It’s DHCP for networks, not for IP addresses.
The SOHO router you buy to use at your house is going to get its WAN interface IPv6 address using one of the three options listed above. Your router (using its WAN interface) will also be a prefix delegation client to the delegating router provided by your ISP (via DHCP). So after you get a prefix on your WAN interface you will be delegated an additional base prefix (say a /56 or a /60) from your ISP. This prefix will be global in nature (e.g. not private, globally routable). Using this delegated base prefix, the software on your home router will automatically create the /64 prefix(es) on the LAN interface(s) and advertise them to the nodes on your internal network. Those nodes will then automatically address themselves (SLAAC). By all accounts the whole process should be automatic, effortless and, in the eyes of my mom, transparent. Her ability to continue life absent the awareness of IP addresses is preserved!
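The carving step described above, as an added example that is not part of the original post: a delegated base prefix is split into one /64 per LAN interface, a node's SLAAC address is formed, and an address is mapped back to its LAN, which is the lookup you need when writing filter rules or reading firewall logs for globally routable hosts. The prefix (from the 2001:db8::/32 documentation range), interface names and MAC address are constructed, and the modified EUI-64 identifier is an assumption, since many operating systems use randomized identifiers instead.

```python
import ipaddress

def carve_lan_prefixes(delegated, interfaces):
    """Give each LAN interface its own /64 out of the delegated base prefix."""
    base = ipaddress.IPv6Network(delegated)
    if base.prefixlen > 64:
        raise ValueError("delegated prefix is longer than /64")
    if len(interfaces) > 2 ** (64 - base.prefixlen):
        raise ValueError(f"{base} cannot supply {len(interfaces)} /64 prefixes")
    subnets = base.subnets(new_prefix=64)   # lazy generator, lowest /64 first
    return {name: next(subnets) for name in interfaces}

def slaac_eui64(prefix, mac):
    """Address a node self-assigns in `prefix` using a modified EUI-64 identifier."""
    octets = bytearray.fromhex(mac.replace(":", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02                       # flip the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return prefix[int.from_bytes(iid, "big")]

def lan_for(address, plan):
    """Map an address (e.g. from a firewall log) back to its LAN interface."""
    addr = ipaddress.IPv6Address(address)
    for name, net in plan.items():
        if addr in net:
            return name
    return None

if __name__ == "__main__":
    # Constructed sample: a /56 delegation and two LAN interfaces.
    plan = carve_lan_prefixes("2001:db8:1200:ab00::/56", ["lan0", "guest0"])
    for name, net in plan.items():
        print(f"{name}: advertise {net}")
    host = slaac_eui64(plan["lan0"], "00:1a:2b:3c:4d:5e")
    print("node on lan0:", host, "->", lan_for(str(host), plan))
```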
It’s really quite brilliant and I offer kudos to the folks who thought it up, created the standards and helped us make it happen. Prefix delegation is one of the single most important things in IPv6 that is going to allow for the same ‘plug and play’ style home networking that people have grown to expect. Without it IPv6 would be seriously embattled because the complexity of residential networking deployments would make networking at home a chore for the average human. And that’s not what this is ultimately about. Good networking is about being invisible to the end-user. I should not have to know the ins and outs of the internal combustion engine to drive a car and my mom should not have to be a networking expert to play a game of on-line bridge with her friends. And for that I offer my thanks to IPv6 prefix delegation.
Final thought. Prefix delegation is not the only thing that needs to happen for home networking gear to be IPv6 ready. Please read RFC 6204 for an excellent list of all the things your home router will need to do in order to be truly IPv6 ready. There is a lot more to talk about with home networking and IPv6. Stay tuned…
Colin Weaver is co-owner and lead instructor at ITdojo, Inc., a network security and information assurance training center and consulting firm located in Virginia Beach, VA. His passion for technology, networks, and security has led him to become enthralled with the idea of IPv6 and its implementation. In this blog he will share with you glimpses of what he has learned and a hint at what you’ll learn in his classes. Visit https://www.itdojo.com to learn more about ITdojo IPv6 course offerings.